PT-2022-28025 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda A15 version 15.13.07.13 Description: A stack overflow issue was discovered via the wepkey3 parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda A15 version 15.13.07.13, avoid using the wepkey3 parameter in th...
Tenda A15 Buffer Error Vulnerability
Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 wepkey1 parameter, which stems from a lack of length checking of input data in the wepkey1 parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the...
Tenda A15 Buffer Error Vulnerability
Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 wepkey2 parameter, which stems from a lack of length checking of input data in the wepkey2 parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the...
CVE-2022-4226 Simple Basic Contact Form < 20221201 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setu...
WordPress plugin Simple Basic Contact Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions ...
PT-2022-26341 · WordPress · Simple Basic Contact Form
Name of the Vulnerable Software and Affected Versions: Simple Basic Contact Form WordPress plugin versions prior to 20221201 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed,...
CVE-2022-46539
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security5g parameter at /goform/WifiBasicSet...
PT-2022-27891 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered in the security parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, consider restricting access to the...
PT-2022-27893 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered, which can be triggered via the security 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, avoid using th...
PT-2022-6285 · Tp Link · Tp-Link Archer C5 +1
Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5 version 2, TP-Link WR710N version 1 Description: The issue is related to a heap-based buffer overflow when handling packets, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service...
CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
Authorization
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
CVE-2022-45956
CVE-2022-45956 affects Boa Web Server versions 0.94.13–0.94.14. The HEAD HTTP method is not properly constrained, allowing bypass of Basic Authentication and access to protected resources. Reported in multiple sources (NVD/Red Hat/PT-Security), with a CVSS v3.1 base score of 5.3 (Network, Low att...
Boa Security Vulnerability
Boa is an open-source web server for embedded applications from Boa Open Source. A security vulnerability exists in Boa Web Server versions 0.94.13 through 0.94.14 that stems from a failure to validate the correct security constraints on the HEAD HTTP method, allowing anyone to bypass the basic...
PT-2022-27698 · Unknown · Boa Web Server
Name of the Vulnerable Software and Affected Versions: Boa Web Server versions 0.94.13 through 0.94.14 Description: The issue allows bypassing of the Basic Authorization mechanism due to a failure in validating the correct security constraint on the HEAD HTTP method. Recommendations: For Boa Web...
Tenda A18 Buffer Error Vulnerability
Tenda A18 is an AC1200 dual-band Wi-Fi repeater from Tenda, China. A security vulnerability exists in Tenda A18 version v15.13.07.09, which originates from a stack overflow discovered via the security5g parameter in /goform/WifiBasicSet...